The Durbin Amendment Explained

by Anisha on October 3, 2011

The Durbin Amendment, a last-minute addition to the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, has sparked fierce debate. It just went into effect on October 1st, and already we’re seeing its ramifications. Banks have priced Durbin into their checking offerings – that means we’re seeing less and less free or rewards checking. On the other hand, retailers have yet to lower their prices as promised, perhaps because Visa and MasterCard jacked up their rates on small merchants. One thing is certain, however: Bank of America customers are not happy.

For the BofA Customers: Bank of America has announced that they will start charging $5 per month for those who use their debit cards for purchases, blaming it on Durbin. We don’t think that quite adds up. Take a look at our list of still-decent checking accounts, or PerkStreet Financial, which gives 2% debit rewards and has no monthly fees.

Update July 6, 2011: After the Durbin Amendment barely survived a challenge from Sen. Jon Tester, the Federal Reserve ruled that debit interchange fees would be capped at 21 cents plus 0.05% of the transaction, with the possibility of an additional cent if certain criteria are met. Each debit card should be able to be processed on at least two independent networks, and the rules will begin to take effect in October. This ruling is generally seen as more favorable to the financial industry than expected. For a complete rundown, check out our analysis of the Fed’s final ruling.
The amendment is rather complex, but the two provisions that are still being debated, pending the Federal Reserve’s July 21, 2011 decision, are:

1. A cap of 7 to 12 cents on most debit card swipe fees, a decline of about 80% from present levels
2. The introduction of competition, by giving merchants a choice as to which debit network they process transactions over. For example, present arrangements effectively force merchants to process many Visa transactions over the STAR network, even if competitors like PULSE and NYCE offer to conduct the same transaction at a lower processing price.

The provisions that are already in place include:

1. Merchants can impose a $10 minimum on credit card transactions (this number can be adjusted by the Fed as they see fit). Previously, Visa and MasterCard banned this practice in their merchant agreements.
2. Merchants are allowed to give discounts at the register to those who pay with cash or debit cards. Previously, Visa and MasterCard banned this practice in their merchant agreements.

Banks and credit unions are against the amendment, because debit card swipe fees mostly accrue to the financial institution that issued the debit card. Card issuing banks typically take in about 1.3% of every dollar you spend on your debit card, as a fee from the merchant. This amounts to nearly $3 billion a year of very high profit margin revenue for Bank of America, for example, a number which looks to decline by ~80% unless Congress, the Department of Justice, or the Federal Reserve intervenes.

This fee is supposed to cover the risk of fraud, transactional costs, and other overhead, but due to the lack of negotiating power on the merchant side, the fee is now a major source of profit margin at every bank that offers checking accounts. Subsequently, competition between banks has caused this profit center to be used in subsidizing free premium services, like free checking accounts and surcharge-free ATMs. If this fee were to drop to 7-12 cents per transaction, as proposed by the amendment, this would create a large wealth transfer from debit card issuers to merchants, and will likely end many free premium services at banks.

The amendment’s supporters in Congress theorize that the wealth transfer from the banks to the merchants will result in lower prices for all consumers, as competitive forces between merchants force them to pass on lower costs to customers, in the form of lower prices.

Protecting The Little Guy, Fail

The swipe fee cap technically exempts financial institutions with assets of $10 billion or less. In theory, this exempts all but 3 out of the 7,000+ credit unions. However, credit unions are aggressively lobbying against the amendment. They fear that the provision requiring multiple network routing options will make the small bank interchange cap exemption impossible to enforce. For example, Visa already promised to honor the two-tier pricing system, and would process a small institution’s transaction at the current price. However, the networks are not required to differentiate between large and small banks. Even if Visa’s STAR network offered to route a debit transaction at the “exempt” 1.5% debit interchange rate, the existence of a competitive option allows the merchant to route the transaction through NYCE instead for 12 cents.  Therefore the credit union would receive some fraction of 12 cents for the transaction, rather than ~1.3% of the transaction.

The Visa-MasterCard Duopoly

Proponents of the amendment allege that merchant interchange fees have skyrocketed relative to the cost of processing the transactions. The interchange market is largely uncompetitive: Visa and MasterCard effectively set the interchange fees for all merchants. Merchants can choose not to accept Visa and MasterCard, but this is not practical for most. The Durbin amendment’s attempt to reduce prices is two-pronged: first, the mandatory introduction of competition, and second, a limit to fees in order to correct for the market failure resulting from what is essentially a duopoly.

U.S. swipe fees are, overall, uncompetitive when compared to European countries, where anti-trust regulation has broken the chokehold of Visa and MasterCard. U.S. debit interchange fees are higher than the European Union average but not egregiously so; the true effect of uncompetitive pricing is seen in the interchange fees charged on credit card transactions, where the U.S. is by far the highest.

Most notably, the fees on some premium credit cards diverged greatly from the rest of the industry in conjunction with the 2007 IPO’s of both Visa and Mastercard, likely because of pressure to juice profits for public shareholders:

Onerous credit fees are ignored

Because of the difficulty of differentiating prices for goods based on the method of payment, merchants generally factor the exchange fees into the sticker price, or absorb the cost themselves. As a result, whether a consumer pays with cash, debit, credit or rewards credit, he will see the same price (one exception is in gas prices, where the limited number of products offered allows for price differentiation). However, merchant exchange fees for credit cards, and rewards credit cards in particular, are significantly steeper than debit card fees.

One feature of monopoly pricing is that the card network can, as much as they are able, set different prices to maximize how much it believes different groups will pay. So, for example, a Visa Signature Preferred rewards card nets a 2.5% interchange fee at a restaurant (which has little bargaining power), while a Visa Classic transaction may cost a large supermarket only 1.15% (because Visa wouldn’t want to risk, say, Wal-Mart walking away). By comparison, in France, a credit card with an embedded security chip costs all merchants 0.22% of the transaction plus 10 Euro cents, while the least secure (and thus most expensive to cover) method of payment costs 0.3% plus 10 Euro cents (there is virtually no difference by way of fees with Visa versus MasterCard). The intricacies of pricing, and the emphasis on the lucrative, oft-used credit card rewards, speak to market inefficiencies.

Are the fees necessary to fund fraud protection?                                                    The major card networks allege that the interchange fees are necessary for fraud protection efforts, and to limit consumers’ losses in case fraud does occur. However, improving technology should have driven down the cost of fraud protection, not increased it. Jamie Henry, Wal-Mart’s director of payment services, argued that credit card issuers have deliberately kept chip-and-PIN technology from U.S. cards because security improvements would remove the justification for high merchant exchange fees. “Lower interchange would push the industry toward chip-and-PIN. We would see more financial institutions become interested in controlling fraud. It would be more difficult to pass [fraud] costs on to merchants.”

In response to proposed regulation, banks cry foul and threaten tightened credit, higher fees and steeper interest rates should the proposed regulations take effect. Some have also threatened per-transaction spending caps on debit cards, at $50 or $100, rendering debit effectively useless in paying for groceries, restaurants, or plane tickets, and driving customers toward more lucrative credit cards.

However, not-for-profit credit unions are also stalwartly opposed to the amendment, and for much the same reason: they fear that they will have to cut services or increase fees in response to an increased bottom line. They may have more substance to their claims than for-profit banks.

How Durbin hopes to ease the burden on consumers and merchants

The Federal Reserve believes that merchant exchange fees far exceed the cost of fraud protection. They further believe that the steep markups persist because the two major card networks, Visa and MasterCard, have such control over the credit and debit card markets that merchants, card issuers and consumers have no choice but to accept the prices that they set.

In order to correct this, the Fed proposed a cap that it believes accurately reflects the true cost of securing the debit cards used. If they have correctly judged the cap, banks will not suffer a loss to their bottom line, and will continue to provide the same services to consumers while merchants are able to offer better prices. They also introduce competition to previously monopolistic markets by requiring each debit card to be covered by at least two networks. However, the amendment fails to address credit card interchange fees, which are significantly higher than debit.

Although the regulations make an exception for small institutions, this exemption is meaningless as card issuers will have to accept the lowest exchange fee offered, whether or not it covers their security costs. This is an undue burden on credit unions, which are generally smaller and pay more to protect their customers.

This is not to say that the “swipe” fees are grossly overpriced, and that government reform of the market will not benefit consumers. However, the Federal Reserve must be careful to preserve the advantages offered by credit unions.

If you accept credit cards, you are required to be compliant with the PCI (Payment Card Industry) Data Security Standard. You can find out your exact compliance requirements only from your payment brand or acquirer. However, before you take action, you may want to obtain background information and a general understanding of what you will need to do from the information and links here.

Doctor’s offices are full of incredibly sensitive data. People trust you to keep their medical and personal information secure. Part of your job is to realize that there are unscrupulous people out there ready to steal information to make fraudulent insurance claims, create duplicate passports and other ID’s as well as stealing credit card data. Doing your due diligence and creating a safe environment for credit transactions goes hand in hand with your other safety measures.

Major considerations in safe guard your practice are encrypted equipment, trained personnel, written policies and secure storage.

• If your credit card machines are more than five years old, you very likely are asking for trouble. New encryption technology has been developed to prevent hackers from penetrating and stealing card holder data. Fines in excess of $50,000 can be assessed for each occurrence of theft perpetrated by your faulty equipment. Your processing equipment may need a checkup. You recommend that to your patients!
• Your office staff is your first line of defense to protect information. PCI Compliance training on the proper care and handling of all credit card info will take an insignificant amount of time but could be priceless if it prevents fraud or theft. Loss of patient confidence and hours spent in negative fixing of problems is so much more costly. Each employee needs to know how to process, verify, secure, and store info; knowing when to destroy records.
• Part of your operations manual should have a section dedicated to PCI Compliance. Having a written policy and precise SOP will reduce mistakes and make each of your staff feel more confident. A very large percentage of theft of card information is a result of internal fraud. (Employee theft) Be sure your policies help keep people honest by limiting the number of people who have access to this information. Too often it is a crime of convenience. Passwords should be unique to each individual and equipment default passwords should be changed.
• Any Payment Card info which you must keep must be stored under lock and key. Access to those numbers comes with a large responsibility and only those who have your full trust should be given access. It could mean the end of your practice if this info is placed into the wrong hands.

There are many firms who offer PCI insurance as well as system checks on equipment. Be wary of purchasing something without doing due diligence. There have been instances of these “protection” firms being skimmers for data. As always an ounce of protection is worth a pound of cure. PCI website and the BBB are good sources for reputable firms and products: Trustwave is the largest and most well-known.

Another step in the defensive battle is to become PCI Certified. You do this by taking a Self-Assessment Questionnaire (SAQ). There are 4 different options based on the equipment and type of transactions you process. If you would like to have a security professional’s guidance to achieve compliance and complete the SAQ, you are encouraged to do so. Please recognize that, while you are free to use any security professional of your choosing, only those included on PCI SSC’s list of Qualified Security Assessors (QSAs) are recognized as QSAs and are trained by PCI SSC. This list is available at https://www.pcisecuritystandards.org.

The PCI Security Standards Council (SSC) provides a variety of educational resources to further security awareness within the payment card industry. These resources include PCI DSS training for Internal Security Assessors (ISAs) and Standards Training. The PCI SSC website is also a primary source for additional resources, including:

• The Navigating PCI DSS Guide
• The PCI DSS Glossary of Terms, Abbreviations and Acronyms
•  Frequently Asked Questions (FAQs)
• Webinars
• Information Supplements and Guidelines
• Attestations of Compliance

Please refer to www.pcisecuritystandards.org for more information.

There are a variety of fines and policies specified by each of the major card companies. To learn what your specific compliance requirements are, check with your card brand compliance program:

• American Express: www.americanexpress.com/datasecurity
• Discover Financial Services: http://www.discovernetwork.com/disc.html
• JCB International: http://www.jcb-global.com/english/pci/index.html
• MasterCard Worldwide: http://www.mastercard.com/sdp
• Visa Inc: http://www.visa.com/cisp

For more business centric information about PCI Regulations, you can download the Getting Started Guide and/or the Quick Reference Guide from
https://www.pcisecuritystandards.org/merchants/how_to_be_compliant.php

Check with your Credit Card professional soon to make sure you are operating a safe processing environment. A Breach means more than fines and time consuming fixes. It means a loss of confidence by your patients.
Safe practices are healthy practices!

Article Published in Medical News December 2011
Written by Bobbi Govanus, Retriever Payment Systems
Bobbi@localCCprocessing.com